LinkedIn describes itself as the largest professional network on the internet. In essence, it's a social media site aimed at professional networking and career-building. Members use the site to display their resumes, search for jobs, share knowledge, and interact with others in their industry sector.
LinkedIn was founded in 2003, which means it pre-dates Facebook, Twitter, Instagram, and Snapchat. Microsoft has owned the site since 2016. Available as both a website and an app, LinkedIn is believed to have around 740 million registered users in 150 countries. There are both free and premium (i.e., paid for) levels of membership. LinkedIn makes money by selling memberships, advertising, and recruitment services.
Privacy issues with social media are not uncommon, and in the past, LinkedIn has had its share of concerns. But how safe is it today, and what do users need to know?
Most social networking sites have the potential for security and privacy issues. LinkedIn privacy issues include:
Target-rich environment: Many senior business people use LinkedIn – reportedly, it's the most used social network by Fortune 500 companies – which makes it a ‘target rich’ environment for threat actors who use social media to gather information about large corporates, executives, and other employees.
LinkedIn fraud: LinkedIn has many job seekers looking for work or networking opportunities. They can be targets for fraud and phishing using social engineering tactics.
Data breaches: Depending on how you fill out your profile, LinkedIn contains a lot of information about you. This could be used for malicious purposes by hackers if data falls into the wrong hands via LinkedIn data scraping or theft.
Reputational risks: If your account is hacked or compromised, a hacker could post information on your behalf, which could damage your reputation.
Data sharing: Because LinkedIn is owned by Microsoft, your information could be shared across dozens of platforms without you necessarily realizing it.
In 2012, there was a significant LinkedIn data breach during which 6.5 million user passwords were compromised. That was a long time ago, and since then, the company has taken steps to enhance its security protocols.
Currently, within the context of social networking, LinkedIn does not have any glaring security problems. But like other social networking sites, LinkedIn is only as safe as you make it. By default, LinkedIn shares certain details that you might want to keep private. It is therefore essential to manage your LinkedIn privacy and security settings.
When using LinkedIn, keep in mind that all information you post on your profile should be considered public information. Every post, resume listing, and status update is a public broadcast.
One of LinkedIn’s most significant vulnerabilities is not unique to it; namely, users setting the same password across multiple sites. Many social networking sites have this problem, but the responsibility ultimately lies with users. Cross-site passwords are only as safe as the weakest site on the list. You can avoid this problem by using different passwords for different websites. A password manager can help with this.
One aspect of LinkedIn that makes it somewhat safer than other social media sites is that users are only expected to connect with professional contacts. That is, users are encouraged to network only with people they know in a professional setting. With most content on the platform being user-generated, you are being fed information from people you know and trust instead of random bots online.
Because LinkedIn is primarily a utility for professional networking, recruiting, and brand building, the site’s user community is arguably more motivated to keep it clean than other social platforms. In contrast to Facebook and Twitter, LinkedIn also sees fewer fraudulent accounts.
If you’re wondering how to make your LinkedIn profile private, here are some helpful privacy tips:
To remove your contact info from your LinkedIn public profile:
LinkedIn offers secure browsing, and this feature is essential, especially if you access LinkedIn from coffee shops, airports, or anywhere else with public Wi-Fi hotspots. To enable LinkedIn's secure browsing mode:
Even if you don’t have contact information in your public profile, there is other potentially sensitive information that hackers could use to build up a picture of you. For example, listing the companies you work for or have worked for might help hackers with social engineering attacks against those companies or provide clues about your location.
To edit your public profile:
If you aren't comfortable with people seeing your activity feed or knowing that you've viewed their profile, turn on LinkedIn's private viewing mode.
Here are some recommendations to maximize your security and privacy on LinkedIn.
Use a strong password:
A strong password is made up of 12 characters or more and includes a mix of characters – upper and lower-case letters plus symbols and numbers. It also avoids obvious details about you and memorable keypaths (e.g., the sequence 1234 and so on). Change your password regularly and avoid using the same password for multiple accounts – consider using a password manager like Kaspersky Password Manager to make this easier.
Be cautious about disclosing your telephone number:
LinkedIn is a networking site – the purpose is to make connections – but be selective about who you share your telephone number with and avoid listing it publicly in your profile.
Be mindful of scams, fraud, and phishing:
Be wary of recruiter scams on LinkedIn. Never transfer or wire money for "application fees" or similar. Be careful if a recruiter asks you to send personally identifiable information (PII) to an email address that isn't associated with the company in question.
Turn on two-factor authentication for your account:
Two-factor authentication requires people to use more than one form of verification to access an account. For example, a passcode sent to your phone or produced via an authenticator app, in addition to your password. Two-factor authentication can reduce unauthorized access and identity theft. LinkedIn has advice on how to set this up here.
Keep an eye on permitted services:
In an automated world that encourages us to link services together, several services may have access to your LinkedIn account. Most will be fine, but they are also essentially access points to your account, so it's worth checking out which back doors you have left open from time to time to make sure that they are ones you are aware of. You can do this in the Account section of Settings and Privacy under the title of Permitted Services.
Keep an eye on the number of devices logged in:
If you log into LinkedIn from multiple devices and locations – home, your office, your client’s office – and you don’t log out each time, it can all add up. This can leave potential loopholes – check by reviewing Where you are signed in.
LinkedIn uses your data and online behavior trail to sell to advertising partners and any organization seeking insights on trends related to the labor market. You can choose not to be part of this by turning off Participate in Research within Account settings.
LinkedIn provides advice on how to prevent LinkedIn identity theft here. As well as practicing cybersecurity awareness, using an antivirus solution like Kaspersky Total Security will protect you online – including from hackers, viruses, and malware.